Security Alerts and Updates

August, 2018  (Click listings for more information).
17   Yet another bug in Win10 1803.
17    2 undocumented patches for the 1803 TLS 1.2 blocking problem.
17   Necurs Botnet Pushing New Marap Malware.
16   Bitlocker on 1803 pauses during updates.
16   Mozilla removes 23 Firefox add-ons that snooped on users.
16   Having trouble logging in to Office 365? You aren’t alone.
16   Win10 1803 installation failure loop: bootres.dll is corrupt.
16   Win10 1803 Aug cumulative update: Installation fail loop.
16   Use Google Drive? Upgrade to Google One, cheap – AskWoody.
16   New bypasses for browser tracking protections and ad blockers.
16   Opera Software has released the latest version of its web browser.
16   Hanging up on mobile in the name of security – KrebsonSecurity.
16   Chrome bug allowed hackers access to all personal Facebook info.
15   Firefox Add-On Caught Collecting Users’ Browsing History.
15   Patch Tuesday fallout: Bad docs, but so far no major problems.
15   Email Phishers Bypass Microsoft Office 365 Protections.
15   Patch Tuesday, August 2018 Edition – KrebsonSecurity.
14   AV – Real-World Protection Test July, 2018.
14   Three New Intel CPU Side-Channel Flaws Discovered.
14   Adobe releases security patches for its 4 popular software.
14   Patch Tuesday hits with a bang – AskWoody.
13   Google tracks Android, iPhone users with Location History turned off.
13   Patch Tuesday’s coming: Block Windows Update.
12   Invisible mouse clicks let hackers burrow deep into macOS.
10   Many Android devices come with vulnerabilities.
10   Intel Graphics Driver security update for Windows 10.
09  Facial recognition tool can track people across social media sites.
08  Surface Pro 3 gets an update to improve security.
08  Google adds support for Windows 10 notifications in Chrome.
08  The mechanics of Windows patching – in plain English.
08  WhatsApp flaw lets users modify group chats to spread fake news.
07  FBI – Building a Defense Against Facebook Messenger Frauds.
07  AV – Android Mobile Security Review 2018 released.
07  Microsoft to support Skype Classic ‘for some time’ after users revolt.
06  Android 9.0 Pie is already available for the Essential Phone.
06  Cracking passwords of some WPA2 Wi-Fi networks now easier.
06  Mozilla fixes security vulnerabilities in Thunderbird 60.
04  Patch Lady – my response.
03  Windows updaters express frustrations. Microsoft responds.
03  CCleaner v5.45 pulled due to anger over usage data collection.
03  Surface Book 2 gets a huge list of firmware & driver updates.
03  The Week in Ransomware – Revenge of the Crab & more.
02  Microsoft Surface Book 2 Getting New Firmware Update.
02  The Year Targeted Phishing Went Mainstream.
02  Microsoft Edge Flaw Lets Hackers Steal Local Files.
02  Coinhive cryptojacking campaign targets MikroTik routers.
02  Patch Lady – Office 365 eula is due to update.
02  Patch Lady – guiding principles on patching.
01   Reddit breach highlights limits of SMS-based authentication.
01   Five file types make up 85% of all spam malicious attachments.
01   An open letter to Microsoft about poor Windows 10 update experiences.

July, 2018  (Click listings for more information).
31   Mac Security Test & Review 2018 (
31   If at first you don’t succeed, .Net, .Net, .Net again.
30  Microsoft is prompting older Windows 10 versions to update.
28  Microsoft’s Surface Pro gets its biggest update yet.
27  The Week in Ransomware – Ransomware still a threat.
27  Fake websites for famous apps found pushing adware.
27  Patch Lady – a visual representation of July’s known issues.
26  Microsoft is having one of the worst patching months ever.
26  Microsoft Surface Laptop & Surface Pro 4 get new firmware updates.
25  LifeLock bug exposed millions of customer email addresses.
25  Snoopware installed by iOS, Android, Chrome, & Firefox users.
24  Windows 10 cumulative updates released for versions 1703, 1709 & 1803.
24  Chrome 68 released with security features & warnings on HTTP sites.
24  New strain of Mac malware Proton found after two years.
23  Researchers Detail New CPU Side-Channel Attack.
23  That IE zero-day from May needed a second patch in July.
23  .Net patches appear, disappear, reappear, disappear again.
23  Bluetooth implementations vulnerable.
21   Microsoft Edge’s XSS Filter Appears to Be Broken.
21   Win10 1709 & later are supposed to uninstall SMBv1 if it isn’t used.
20  The Week in Ransomware – Ransomware Attacks, and More.
20  Half a billion IoT devices vulnerable to DNS rebinding attacks.
20  The July .NET patches are even worse than you think.
20  Microsoft dives down a bizarre rabbit hole with July patches.
20  How Android Malware Keeps Sneaking Into the Play Store.
18   Microsoft Released Windows 7 & 8.1 Cumulative Updates.
18   PayPal’s Venmo app exposes most transactions via its API.
17   You can now install Chrome extensions in Opera directly.
17   Windows July patches, version 2.
16   Microsoft releases patches for Windows 10 versions 1803, 1709, & 1703.
16   Microsoft just released 27 new security patches.
16   Microsoft is finally adding call recording to Skype.
15   Chrome and Firefox gain Timeline integration via add-on.
15   Passwords for thousands of Dahua devices cached in IoT search engine.
15   Office for Android gets a bunch of new features in the July update.
13   Patch Lady post – if you’ve patched….
13   The Week in Ransomware – CoinVault Court Case & More.
13   Microsoft yanks KB 4018385, republishes all of this month’s patch downloads.
12   Firefox Focus gets new features and comes to the latest BlackBerry.
12   Microsoft patches “Lazy FP State Restore” bug affecting Intel CPUs.
12   Patch Tuesday crop teems with bugs, snooping patches return.
11    Google enables “Site Isolation” feature for Chrome desktop.
11    New Spectre 1.1 and Spectre 1.2 CPU flaws disclosed.
10   Microsoft releases patches for Windows 7 and 8.1.
10    Microsoft releases patches for all Windows 10 builds.
10   Adobe pushes fixes for Flash Player, Acrobat, Reader, more.
10  Microsoft updates list of dangerous files it blocks inside Office 365 docs.
09  Apple Releases Multiple Security Updates.
09  Smart TVs are spying on you through your phone.
09  Timehop security breach affects entire 21 million userbase.
06  The Week in Ransomware – Nozelesn & GandCrab V4.
06  Apple Releases Security Update for Boot Camp.
06  Microsoft Launcher for Android Gets a Big Update.
05  Microsoft resumes delivering Windows 7 Defender definition updates.
04  Chrome and Firefox pull Stylish add-on after report it logged browser history.
04  Someone else may be reading your Gmails.
03  Malware authors weaponizing Windows SettingContent-ms files.
03  Download bomb trick returns in Chrome; also affects Firefox, Opera, Vivaldi & Brave.
03  Mozilla fixes security vulnerabilities in Thunderbird 52.9.
02  Samsung Messages app sends photos to random contacts.
02  Facebook admits it shared user data with 61 companies.
02  Newer Diameter Telephony Protocol just as vulnerable as SS7.
01   New Medicare cards are in the mail for Kansas residents.

AV Real-World Protection Test February-June 2018

June, 2018  (Click listings for more information).
29  Adidas Announces Data Breach.
29  PROPagate code injection technique detected for the first time.
28  Your PC is infected if ‘All-Radio 4.27 Portable’ can’t be removed.
28  Android devices since 2012 impacted by RAMpage vulnerability.
28  Microsoft updates drivers and firmware for Surface devices.
28  Some Spectre In-Browser Mitigations Can Be Defeated.
28  Plant Your Flag, Mark Your Territory.
27  Windows Defender Detecting Legitimate Files as Trojan.
27  WPA3, a Wi-Fi security standard, will replace WPA2.
27  NSA Exploit Patched to Work on Windows IoT Systems.
26  Windows Settings Shortcuts Can Be Abused on Windows 10.
26  ♦ Microsoft releases Windows 10 build 17134.137 – KB4284848.
26  Firefox 61 Released for Windows, Mac, and Linux.
26  “Have I Been Pwned” being added to Firefox & 1Password.
23  Apple Confirms Major Issues With MacBook Keyboards.
23  Systems lacking SSE2 support not receiving Windows updates.
23  Android & iOS applications are exposing over 113 GBs of data.
22  The Week in Ransomware – Scarab Everywhere!
22  Updated browser should keep users safe from most exploit kits.
22  Fake WannaCry blackmail campaign is really just WannaSpam.
22  Someone is using insecure cameras to spy on device owners.
21   Microsoft releases Windows 10 builds 16299.522, 15063.1182.
20  Google Updates File Signature Checks for Android Apps.
20  Google, Roku, Sonos to fix DNS Rebinding Attack Vector.
19  ZeroFont Technique Bypasses Office 365 Security Filters.
19   AT&T, Sprint, Verizon to stop sharing customer location data.
18   MacOS still leaks secrets stored on encrypted drives.
18   Google to fix location data leak in Google Home, Chromecast.
18   Adware wreaks havoc among Windows 10 users in the US.
15   AV Real-World Protection Test May 2018 – Factsheet.
15   The Week in Ransomware – DBGer, Scarab, and More.
14    Windows 10 April 2018 Update is now fully available.
14   Android malware packs a banking trojan, keylogger & ransomware.
13   VPNFilter Malware Still Making Waves.
13   New Vulnerability Affects All Intel Core CPUs.
13   Cortana hack lets you change passwords on locked PCs.
13   Status of Meltdown and Spectre Mitigations in Windows.
12   ♦ Microsoft releases Windows 10 builds 17134.112, 16299.492.
12   Mac Security Tool bugs show Malware as Apple Software.
12   Trik Spam Botnet Leaks 43 Million Email Addresses.
12   Microsoft and Adobe Flash Player issue security patches.
11    Apple Bans Apps That Mine Cryptocurrencies.
11   Thousands of Android devices are exposing their debug port.
08  The Week in Ransomware – CryBrazil, CryptConsole, etc.
08  Malspam Campaigns Bypass AV Filters and Install RATs.
08  F-Secure fixes serious vulnerability in antivirus products.
07  Google Releases Security Update for Chrome.
07  Facebook Bug Caused New Posts to be Shared Publicly.
07  Security vulnerabilities fixed in Firefox 60.0.2.
07  Adobe Patches Zero-Day Flash Flaw.
07  Patches available for bugs in popular brand of IP cameras.
06  VPNFilter malware is much worse than previously thought.
05  Microsoft releases Windows 10 build 17134.83 – KB4338548.
05  Credentials for 92 million users of DNA testing firm exposed.
04  How to protect yourself from Ticketfly type megabreaches.
01   Firmware & driver updates for Microsoft Surface 3 tablet.
01   Apple Releases Security Updates for macOS.
01   The Week in Ransomware – from Russia with Love, etc.